Cyber Security News — Past 24 hours | 26.05.2021

Russian Hydra DarkNet Market Made Over $1.3 Billion in 2020

Russian-language dark web marketplace Hydra has emerged as a hotspot for illicit activities, pulling in a whopping $1.37 billion worth of cryptocurrencies in 2020, up from $9.4 million in 2016.

The «blistering growth» in annual transaction volumes marks a staggering 624% year-over-year jump over a three-year period from 2018 to 2020.

This skyrocketing cryptocurrency activity conducted through the marketplace can be partly attributed to the demise of RAMP in September 2017, which resulted in a mass migration of cybercrime gangs to Hydra.

But effective July 2018, Hydra administrators have imposed stringent requirements on sellers, mandating that outbound withdrawals of cryptocurrency proceeds from their wallets are routed through regionally-operated crypto exchanges and payment services in order to exchange the funds into Russian fiat currency. What’s more, Hydra’s cash-out services — which allow bitcoin to be converted into gift vouchers, prepaid debit cards, Russian rubles, or even physical cash hidden at a discreet location — have made crypto laundering a lucrative way for criminals to exchange their bitcoin haul without being identified and repoSource —

Source — https://thehackernews.com/2021/05/russian-hydra-darknet-market-made-over.html

Zeppelin Ransomware have Resumed their Operations After a Temporary Pause

According to BleepingComputer, the operators behind the Zeppelin ransomware-as-a-service , aka Buran, have resumed operations following a brief outage. Zeppelin’s operators, unlike other ransomware, do not steal data from victims or maintain a leak site.

Experts from BlackBerry Cylance discovered a new version of the Vega RaaS, called Zeppelin, and it first appeared on the threat landscape in November 2019. The Zeppelin ransomware does not infect users in Russia or other ex-USSR countries like Ukraine, Belorussia, or Kazakhstan, unlike other Vega ransomware variants. The ransomware enumerates files on all drives and network shares and attempts to encrypt them after being executed. Experts found that the encryption algorithm used is the same as that used by other Vega variants.

They announced a «big software upgrade» as well as a new round of sales. According to an intelligence survey, the new Zeppelin version costs $2,300 per core build, as per AdvIntel head of research Yelisey Boguslavskiy.

Following the major update, Zeppelin’s developers released a new version of the malware on April 27 that had few new features but improved the encryption’s stability. They also promised that development on the malware would continue and that long-term users, known as «subscribers,» would receive special care.

Source — https://www.ehackingnews.com/2021/05/zeppelin-ransomware-have-resumed-their.html

Belgium Interior Ministry said it was hit by a sophisticated cyber attack

The Belgian interior ministry was hit by a “sophisticated” cyber-espionage attack, the news was confirmed by a spokesman to RTBF public television on Tuesday.

The Federal Public Service Interior’s communications director, Olivier Maerens, confirmed that the attackers were not able to breach the server of the ministry, this means that threat actors did not steal any data. In early May, a massive distributed denial of service attack hit most of the Belgium government’s IT network, according to the media the attack also knocked offline internal systems.

People attempting to visit websites hosted on the Belnet network were not able to reach them and were displayed error messages. Experts cited by RTBF reported that that the attack recently discovered is «more complex and well-targeted».

Early this week, EU leaders had a meeting in Brussels during which they discussed the risks associated by nation-state actors against member states.

“The level of Russian interference both with spies and with web manipulation has become truly alarming”, Italian Prime Minister Mario Draghi told a news conference.

Source — https://securityaffairs.co/wordpress/118275/breaking-news/belgium-interior-ministry-cyber-attack.html

Another critical bug impacts all VMware vCenter Server installs

VMware has released security updates to address a remote code execution flaw in vCenter Server that could be exploited by attackers to execute arbitrary code on the installs.

vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location.

The vulnerability has received a CVSS score of 9.8 and impacts vCenter Server 6.5, 6.7, and 7.0.

«The vSphere Client contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.» reads the advisory published by the virtualization giant. According to the virtualization giant, a remote attacker can exploit the issue to gain access to a vCenter installs exposed online, whether a customer uses vSAN or not. «there is a remote code execution vulnerability in the vSAN plugin, which ships as part of vCenter Server. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether you use vSAN or not.» reads a blog post published by the company

Source — https://securityaffairs.co/wordpress/118271/security/vmware-vcenter-server-cve-2021-21985.html

Stay Focused. Stay Vigilant.

Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT

--

--

--

First they begin with Us..

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Recover Important Files from ransomware attack

Exploring the Dark Web…

Introducing Metric limit orders for any token pair

Zero Trust - Data Security: We live in a twilight world, and there are no friends at dusk

Easy step by step guide on how you can create your H2OC wallet in MetaMask

Images show the H2OC Token in a MetaMask Wallet

IOI Listed By Huobi Exchange — Win $250,000

Exploiting XSS with Metasploit

Perspectives for Individuals Interested in Pursuing a Cybersecurity Career

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
SLIIT CS2

SLIIT CS2

First they begin with Us..

More from Medium

Why learning a Forensic Artifact matters?

VyOS and other Linux builds unable to use `vmxnet3` or “VMware Paravirtual SCSI” adapter on vSphere

Livestream setup

LOG4SHELL: CRITICAL LOG4J VULNERABILITY CVE-2021–44228 (Effects ON Fortigate Firewalls)